Percona Monitoring and Management / PMM-5226

Prototype Pollution vulnerability (CVE-2019-19919) in handlebars

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Done
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.2.1
    • Component/s: QAN App
    • Labels:
    • Story Points: 1
    • Sprint: Platform Sprint 7, Platform Sprint 8
    • Needs Review: Yes
    • Needs Doc: Yes

      Description

      The handlebars package has a Prototype Pollution vulnerability (CVE-2019-19919).

      PMM versions were not affected by this vulnerability, as this package is used as a build dependency only.

      Solution: update handlebars to version 4.5.3.

      https://github.com/percona/qan-app/pull/354

                People

                Assignee: Unassigned
                Reporter: Roma Novikov (roma.novikov)

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    Time Tracking

                    Original Estimate: Not Specified
                    Remaining Estimate: Not Specified
                    Time Spent: 1 hour, 10 minutes